I am learning Spring Security, using the following configuration:
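
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class SecurityContextConfigurer extends WebSecurityConfigurerAdapter {
        // Static resources bypass the security filter chain entirely.
        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/resources/**");
        }

        // URL authorization rules and form login with a custom login page.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/").permitAll()
                    .antMatchers("/dashboard/home/**").hasAnyRole("USER", "ADMIN")
                    .antMatchers("/dashboard/users/**").hasRole("ADMIN")
                    .antMatchers("/rest/users/**").hasRole("ADMIN").anyRequest()
                    .authenticated().and().formLogin().loginPage("/login").defaultSuccessUrl("/").permitAll();
        }

        // Single in-memory user holding both roles.
        @Autowired
        public void registerGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth
                    .inMemoryAuthentication()
                    .withUser("admin")
                    .password("admin")
                    .roles("USER", "ADMIN");
        }
    }
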
and the AppInitializer is
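
    import java.util.EnumSet;
    import javax.servlet.DispatcherType;
    import javax.servlet.FilterRegistration;
    import javax.servlet.ServletContext;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRegistration;
    import org.springframework.web.WebApplicationInitializer;
    import org.springframework.web.context.ContextLoaderListener;
    import org.springframework.web.context.WebApplicationContext;
    import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
    import org.springframework.web.filter.CharacterEncodingFilter;
    import org.springframework.web.filter.DelegatingFilterProxy;
    import org.springframework.web.servlet.DispatcherServlet;

    public class WebAppInitializer implements WebApplicationInitializer {
        public void onStartup(ServletContext servletContext) throws ServletException {
            WebApplicationContext rootContext = getWebApplicationContext();
            // add the dispatcher servlet and map it to /
            DispatcherServlet dispatcherServlet = new DispatcherServlet(rootContext);
            dispatcherServlet.setThrowExceptionIfNoHandlerFound(true);
            ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
                    "springDispatcher", dispatcherServlet);
            dispatcher.setAsyncSupported(true);
            dispatcher.setLoadOnStartup(0);
            dispatcher.addMapping("/");
            // force UTF-8 on every request and forward
            CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
            characterEncodingFilter.setEncoding("UTF-8");
            characterEncodingFilter.setForceEncoding(true);
            EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD);
            FilterRegistration.Dynamic characterEncoding = servletContext.addFilter("characterEncoding", characterEncodingFilter);
            characterEncoding.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
            // register the Spring Security filter chain for all URLs
            FilterRegistration.Dynamic security = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
            security.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
            servletContext.addListener(new ContextLoaderListener(rootContext));
        }

        // build the annotation-based context from the configuration package
        private AnnotationConfigWebApplicationContext getWebApplicationContext() {
            AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
            context.setConfigLocation("pkj.to.config.classes");
            return context;
        }
    }
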
The login form is

    <form action="<spring:url value='/login'/>" method="post">
        <input class="input-field" type='text' name='username' placeholder="admin name">
        <input class="input-field" type='password' name='password' placeholder="admin password" /><br>
        <input name="submit" type="submit" value="submit" />
        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    </form>

and the controller is
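
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;

    @Controller
    public class LoginController {
        // GET /login renders the "login" view
        @RequestMapping(value = "/login", method = RequestMethod.GET)
        public String doShowHomePage() {
            return "login";
        }

        // POST /login handler that redirects to the root URL
        @RequestMapping(value = "/login", method = RequestMethod.POST)
        public String adminLogin(Model model) {
            return "redirect:/";
        }
    }
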
With the above configuration, when I submit the login form I am redirected to the login page again and again.